Vulnerability identifier: #VU88935

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26586

CWE-ID: CWE-787

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the mlxsw_sp_acl_tcam_init() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can trigger stack corruption and crash the kernel.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

---

External links
http://git.kernel.org/stable/c/56750ea5d15426b5f307554e7699e8b5f76c3182
http://git.kernel.org/stable/c/348112522a35527c5bcba933b9fefb40a4f44f15
http://git.kernel.org/stable/c/2f5e1565740490706332c06f36211d4ce0f88e62
http://git.kernel.org/stable/c/a361c2c1da5dbb13ca67601cf961ab3ad68af383
http://git.kernel.org/stable/c/483ae90d8f976f8339cf81066312e1329f2d3706
http://git.kernel.org/stable/c/6fd24675188d354b1cad47462969afa2ab09d819

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.